The problem is that open source software developers call in code from other open source applications. "If you're using only a few open software packages, you're actually using a whole lot more applications because open software builds on things other people have done," Stormy Peters, executive director of the Gnome Foundation, a nonprofit organization that coordinates the efforts of the Gnome Project, told a presentation today on avoiding open source lawsuits. The Gnome Project is a worldwide project to create a free computing platform for public use.

For example, a project using Ant, MySQL and MSQL Server Connector, AspectJ and the Spring Framework would "really use over 90 different open software packages, each of which has its own license," Peters said. "The problem is that it's difficult to find out what other software open software depends on."

Peters made her presentation at the Next Generation Data Center and LinuxWorld conferences, being held concurrently here through Thursday.

Enterprises are more at risk of lawsuits than they think. According to Peters, companies report an average of 94 open sources in use, but actual inventory scans show they actually have from three to 10 times more packages in the environment, which is "a risk, logistically and legally, right off the bat."

Corporations can face lawsuits for a multitude of reasons. They can be sued for intellectual property infringement, which is violation of patent, trademark, copyright or trade secrets, Peters said. Or they could be sued for noncompliance with the terms of a license.

The problem is complicated by the fact that two levels of licenses govern open source software. At the general level, several general licenses are over and above the licenses.

One is the GNU General Public License (GNU GPL) , which says, in essence, that anyone modifying and distributing software this license governs has to include the modified source code with the distribution. This doesn't apply if the software is used in-house.